1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20 #include "adb.h"
21
22 #include <ctype.h>
23 #include <errno.h>
24 #include <stdarg.h>
25 #include <stddef.h>
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/time.h>
31 #include <time.h>
32
33 #include <string>
34 #include <vector>
35
36 #include <android-base/errors.h>
37 #include <android-base/logging.h>
38 #include <android-base/macros.h>
39 #include <android-base/parsenetaddress.h>
40 #include <android-base/stringprintf.h>
41 #include <android-base/strings.h>
42
43 #include "adb_auth.h"
44 #include "adb_io.h"
45 #include "adb_listeners.h"
46 #include "adb_utils.h"
47 #include "transport.h"
48
49 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
50
51 #if !ADB_HOST
52 #include <cutils/properties.h>
53 #include <sys/capability.h>
54 #include <sys/mount.h>
55 #endif
56
adb_version()57 std::string adb_version() {
58 // Don't change the format of this --- it's parsed by ddmlib.
59 return android::base::StringPrintf("Android Debug Bridge version %d.%d.%d\n"
60 "Revision %s\n",
61 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION,
62 ADB_REVISION);
63 }
64
fatal(const char * fmt,...)65 void fatal(const char *fmt, ...) {
66 va_list ap;
67 va_start(ap, fmt);
68 fprintf(stderr, "error: ");
69 vfprintf(stderr, fmt, ap);
70 fprintf(stderr, "\n");
71 va_end(ap);
72 exit(-1);
73 }
74
fatal_errno(const char * fmt,...)75 void fatal_errno(const char* fmt, ...) {
76 va_list ap;
77 va_start(ap, fmt);
78 fprintf(stderr, "error: %s: ", strerror(errno));
79 vfprintf(stderr, fmt, ap);
80 fprintf(stderr, "\n");
81 va_end(ap);
82 exit(-1);
83 }
84
get_apacket(void)85 apacket* get_apacket(void)
86 {
87 apacket* p = reinterpret_cast<apacket*>(malloc(sizeof(apacket)));
88 if (p == nullptr) {
89 fatal("failed to allocate an apacket");
90 }
91
92 memset(p, 0, sizeof(apacket) - MAX_PAYLOAD);
93 return p;
94 }
95
put_apacket(apacket * p)96 void put_apacket(apacket *p)
97 {
98 free(p);
99 }
100
handle_online(atransport * t)101 void handle_online(atransport *t)
102 {
103 D("adb: online");
104 t->online = 1;
105 }
106
handle_offline(atransport * t)107 void handle_offline(atransport *t)
108 {
109 D("adb: offline");
110 //Close the associated usb
111 t->online = 0;
112
113 // This is necessary to avoid a race condition that occurred when a transport closes
114 // while a client socket is still active.
115 close_all_sockets(t);
116
117 t->RunDisconnects();
118 }
119
120 #if DEBUG_PACKETS
121 #define DUMPMAX 32
print_packet(const char * label,apacket * p)122 void print_packet(const char *label, apacket *p)
123 {
124 char *tag;
125 char *x;
126 unsigned count;
127
128 switch(p->msg.command){
129 case A_SYNC: tag = "SYNC"; break;
130 case A_CNXN: tag = "CNXN" ; break;
131 case A_OPEN: tag = "OPEN"; break;
132 case A_OKAY: tag = "OKAY"; break;
133 case A_CLSE: tag = "CLSE"; break;
134 case A_WRTE: tag = "WRTE"; break;
135 case A_AUTH: tag = "AUTH"; break;
136 default: tag = "????"; break;
137 }
138
139 fprintf(stderr, "%s: %s %08x %08x %04x \"",
140 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);
141 count = p->msg.data_length;
142 x = (char*) p->data;
143 if(count > DUMPMAX) {
144 count = DUMPMAX;
145 tag = "\n";
146 } else {
147 tag = "\"\n";
148 }
149 while(count-- > 0){
150 if((*x >= ' ') && (*x < 127)) {
151 fputc(*x, stderr);
152 } else {
153 fputc('.', stderr);
154 }
155 x++;
156 }
157 fputs(tag, stderr);
158 }
159 #endif
160
send_ready(unsigned local,unsigned remote,atransport * t)161 static void send_ready(unsigned local, unsigned remote, atransport *t)
162 {
163 D("Calling send_ready");
164 apacket *p = get_apacket();
165 p->msg.command = A_OKAY;
166 p->msg.arg0 = local;
167 p->msg.arg1 = remote;
168 send_packet(p, t);
169 }
170
send_close(unsigned local,unsigned remote,atransport * t)171 static void send_close(unsigned local, unsigned remote, atransport *t)
172 {
173 D("Calling send_close");
174 apacket *p = get_apacket();
175 p->msg.command = A_CLSE;
176 p->msg.arg0 = local;
177 p->msg.arg1 = remote;
178 send_packet(p, t);
179 }
180
get_connection_string()181 std::string get_connection_string() {
182 std::vector<std::string> connection_properties;
183
184 #if !ADB_HOST
185 static const char* cnxn_props[] = {
186 "ro.product.name",
187 "ro.product.model",
188 "ro.product.device",
189 };
190
191 for (const auto& prop_name : cnxn_props) {
192 char value[PROPERTY_VALUE_MAX];
193 property_get(prop_name, value, "");
194 connection_properties.push_back(
195 android::base::StringPrintf("%s=%s", prop_name, value));
196 }
197 #endif
198
199 connection_properties.push_back(android::base::StringPrintf(
200 "features=%s", FeatureSetToString(supported_features()).c_str()));
201
202 return android::base::StringPrintf(
203 "%s::%s", adb_device_banner,
204 android::base::Join(connection_properties, ';').c_str());
205 }
206
send_connect(atransport * t)207 void send_connect(atransport* t) {
208 D("Calling send_connect");
209 apacket* cp = get_apacket();
210 cp->msg.command = A_CNXN;
211 cp->msg.arg0 = t->get_protocol_version();
212 cp->msg.arg1 = t->get_max_payload();
213
214 std::string connection_str = get_connection_string();
215 // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't
216 // yet know how much data the other size is willing to accept.
217 if (connection_str.length() > MAX_PAYLOAD_V1) {
218 LOG(FATAL) << "Connection banner is too long (length = "
219 << connection_str.length() << ")";
220 }
221
222 memcpy(cp->data, connection_str.c_str(), connection_str.length());
223 cp->msg.data_length = connection_str.length();
224
225 send_packet(cp, t);
226 }
227
228 // qual_overwrite is used to overwrite a qualifier string. dst is a
229 // pointer to a char pointer. It is assumed that if *dst is non-NULL, it
230 // was malloc'ed and needs to freed. *dst will be set to a dup of src.
231 // TODO: switch to std::string for these atransport fields instead.
qual_overwrite(char ** dst,const std::string & src)232 static void qual_overwrite(char** dst, const std::string& src) {
233 free(*dst);
234 *dst = strdup(src.c_str());
235 }
236
parse_banner(const std::string & banner,atransport * t)237 void parse_banner(const std::string& banner, atransport* t) {
238 D("parse_banner: %s", banner.c_str());
239
240 // The format is something like:
241 // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;".
242 std::vector<std::string> pieces = android::base::Split(banner, ":");
243
244 // Reset the features list or else if the server sends no features we may
245 // keep the existing feature set (http://b/24405971).
246 t->SetFeatures("");
247
248 if (pieces.size() > 2) {
249 const std::string& props = pieces[2];
250 for (const auto& prop : android::base::Split(props, ";")) {
251 // The list of properties was traditionally ;-terminated rather than ;-separated.
252 if (prop.empty()) continue;
253
254 std::vector<std::string> key_value = android::base::Split(prop, "=");
255 if (key_value.size() != 2) continue;
256
257 const std::string& key = key_value[0];
258 const std::string& value = key_value[1];
259 if (key == "ro.product.name") {
260 qual_overwrite(&t->product, value);
261 } else if (key == "ro.product.model") {
262 qual_overwrite(&t->model, value);
263 } else if (key == "ro.product.device") {
264 qual_overwrite(&t->device, value);
265 } else if (key == "features") {
266 t->SetFeatures(value);
267 }
268 }
269 }
270
271 const std::string& type = pieces[0];
272 if (type == "bootloader") {
273 D("setting connection_state to kCsBootloader");
274 t->connection_state = kCsBootloader;
275 update_transports();
276 } else if (type == "device") {
277 D("setting connection_state to kCsDevice");
278 t->connection_state = kCsDevice;
279 update_transports();
280 } else if (type == "recovery") {
281 D("setting connection_state to kCsRecovery");
282 t->connection_state = kCsRecovery;
283 update_transports();
284 } else if (type == "sideload") {
285 D("setting connection_state to kCsSideload");
286 t->connection_state = kCsSideload;
287 update_transports();
288 } else {
289 D("setting connection_state to kCsHost");
290 t->connection_state = kCsHost;
291 }
292 }
293
handle_new_connection(atransport * t,apacket * p)294 static void handle_new_connection(atransport* t, apacket* p) {
295 if (t->connection_state != kCsOffline) {
296 t->connection_state = kCsOffline;
297 handle_offline(t);
298 }
299
300 t->update_version(p->msg.arg0, p->msg.arg1);
301 std::string banner(reinterpret_cast<const char*>(p->data),
302 p->msg.data_length);
303 parse_banner(banner, t);
304
305 #if ADB_HOST
306 handle_online(t);
307 #else
308 if (!auth_required) {
309 handle_online(t);
310 send_connect(t);
311 } else {
312 send_auth_request(t);
313 }
314 #endif
315 }
316
handle_packet(apacket * p,atransport * t)317 void handle_packet(apacket *p, atransport *t)
318 {
319 asocket *s;
320
321 D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0],
322 ((char*) (&(p->msg.command)))[1],
323 ((char*) (&(p->msg.command)))[2],
324 ((char*) (&(p->msg.command)))[3]);
325 print_packet("recv", p);
326
327 switch(p->msg.command){
328 case A_SYNC:
329 if(p->msg.arg0){
330 send_packet(p, t);
331 #if ADB_HOST
332 send_connect(t);
333 #endif
334 } else {
335 t->connection_state = kCsOffline;
336 handle_offline(t);
337 send_packet(p, t);
338 }
339 return;
340
341 case A_CNXN: // CONNECT(version, maxdata, "system-id-string")
342 handle_new_connection(t, p);
343 break;
344
345 case A_AUTH:
346 if (p->msg.arg0 == ADB_AUTH_TOKEN) {
347 t->connection_state = kCsUnauthorized;
348 t->key = adb_auth_nextkey(t->key);
349 if (t->key) {
350 send_auth_response(p->data, p->msg.data_length, t);
351 } else {
352 /* No more private keys to try, send the public key */
353 send_auth_publickey(t);
354 }
355 } else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
356 if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {
357 adb_auth_verified(t);
358 t->failed_auth_attempts = 0;
359 } else {
360 if (t->failed_auth_attempts++ > 10)
361 adb_sleep_ms(1000);
362 send_auth_request(t);
363 }
364 } else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) {
365 adb_auth_confirm_key(p->data, p->msg.data_length, t);
366 }
367 break;
368
369 case A_OPEN: /* OPEN(local-id, 0, "destination") */
370 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 == 0) {
371 char *name = (char*) p->data;
372 name[p->msg.data_length > 0 ? p->msg.data_length - 1 : 0] = 0;
373 s = create_local_service_socket(name, t);
374 if(s == 0) {
375 send_close(0, p->msg.arg0, t);
376 } else {
377 s->peer = create_remote_socket(p->msg.arg0, t);
378 s->peer->peer = s;
379 send_ready(s->id, s->peer->id, t);
380 s->ready(s);
381 }
382 }
383 break;
384
385 case A_OKAY: /* READY(local-id, remote-id, "") */
386 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
387 if((s = find_local_socket(p->msg.arg1, 0))) {
388 if(s->peer == 0) {
389 /* On first READY message, create the connection. */
390 s->peer = create_remote_socket(p->msg.arg0, t);
391 s->peer->peer = s;
392 s->ready(s);
393 } else if (s->peer->id == p->msg.arg0) {
394 /* Other READY messages must use the same local-id */
395 s->ready(s);
396 } else {
397 D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s",
398 p->msg.arg0, p->msg.arg1, s->peer->id, p->msg.arg1, t->serial);
399 }
400 } else {
401 // When receiving A_OKAY from device for A_OPEN request, the host server may
402 // have closed the local socket because of client disconnection. Then we need
403 // to send A_CLSE back to device to close the service on device.
404 send_close(p->msg.arg1, p->msg.arg0, t);
405 }
406 }
407 break;
408
409 case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */
410 if (t->online && p->msg.arg1 != 0) {
411 if((s = find_local_socket(p->msg.arg1, p->msg.arg0))) {
412 /* According to protocol.txt, p->msg.arg0 might be 0 to indicate
413 * a failed OPEN only. However, due to a bug in previous ADB
414 * versions, CLOSE(0, remote-id, "") was also used for normal
415 * CLOSE() operations.
416 *
417 * This is bad because it means a compromised adbd could
418 * send packets to close connections between the host and
419 * other devices. To avoid this, only allow this if the local
420 * socket has a peer on the same transport.
421 */
422 if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) {
423 D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s",
424 p->msg.arg1, t->serial, s->peer->transport->serial);
425 } else {
426 s->close(s);
427 }
428 }
429 }
430 break;
431
432 case A_WRTE: /* WRITE(local-id, remote-id, <data>) */
433 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
434 if((s = find_local_socket(p->msg.arg1, p->msg.arg0))) {
435 unsigned rid = p->msg.arg0;
436 p->len = p->msg.data_length;
437
438 if(s->enqueue(s, p) == 0) {
439 D("Enqueue the socket");
440 send_ready(s->id, rid, t);
441 }
442 return;
443 }
444 }
445 break;
446
447 default:
448 printf("handle_packet: what is %08x?!\n", p->msg.command);
449 }
450
451 put_apacket(p);
452 }
453
454 #if ADB_HOST
455
456 #ifdef _WIN32
457
458 // Try to make a handle non-inheritable and if there is an error, don't output
459 // any error info, but leave GetLastError() for the caller to read. This is
460 // convenient if the caller is expecting that this may fail and they'd like to
461 // ignore such a failure.
_try_make_handle_noninheritable(HANDLE h)462 static bool _try_make_handle_noninheritable(HANDLE h) {
463 if (h != INVALID_HANDLE_VALUE && h != NULL) {
464 return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) ? true : false;
465 }
466
467 return true;
468 }
469
470 // Try to make a handle non-inheritable with the expectation that this should
471 // succeed, so if this fails, output error info.
_make_handle_noninheritable(HANDLE h)472 static bool _make_handle_noninheritable(HANDLE h) {
473 if (!_try_make_handle_noninheritable(h)) {
474 // Show the handle value to give us a clue in case we have problems
475 // with pseudo-handle values.
476 fprintf(stderr, "Cannot make handle 0x%p non-inheritable: %s\n",
477 h, android::base::SystemErrorCodeToString(GetLastError()).c_str());
478 return false;
479 }
480
481 return true;
482 }
483
484 // Create anonymous pipe, preventing inheritance of the read pipe and setting
485 // security of the write pipe to sa.
_create_anonymous_pipe(unique_handle * pipe_read_out,unique_handle * pipe_write_out,SECURITY_ATTRIBUTES * sa)486 static bool _create_anonymous_pipe(unique_handle* pipe_read_out,
487 unique_handle* pipe_write_out,
488 SECURITY_ATTRIBUTES* sa) {
489 HANDLE pipe_read_raw = NULL;
490 HANDLE pipe_write_raw = NULL;
491 if (!CreatePipe(&pipe_read_raw, &pipe_write_raw, sa, 0)) {
492 fprintf(stderr, "Cannot create pipe: %s\n",
493 android::base::SystemErrorCodeToString(GetLastError()).c_str());
494 return false;
495 }
496
497 unique_handle pipe_read(pipe_read_raw);
498 pipe_read_raw = NULL;
499 unique_handle pipe_write(pipe_write_raw);
500 pipe_write_raw = NULL;
501
502 if (!_make_handle_noninheritable(pipe_read.get())) {
503 return false;
504 }
505
506 *pipe_read_out = std::move(pipe_read);
507 *pipe_write_out = std::move(pipe_write);
508
509 return true;
510 }
511
512 // Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on
513 // error or when the pipe is closed. Internally makes inheritable handles, so this should not be
514 // called if subprocesses may be started concurrently.
_redirect_pipe_thread(HANDLE h,DWORD nStdHandle)515 static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) {
516 // Take ownership of the HANDLE and close when we're done.
517 unique_handle read_pipe(h);
518 const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr";
519 const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr);
520 std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose);
521
522 if (original_fd == -1) {
523 fprintf(stderr, "Failed to get file descriptor for %s: %s\n", output_name, strerror(errno));
524 return EXIT_FAILURE;
525 }
526
527 // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read,
528 // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in
529 // binary mode with no CR/LR translation since we're reading raw.
530 if (original_fd >= 0) {
531 // This internally makes a duplicate file handle that is inheritable, so callers should not
532 // call this function if subprocesses may be started concurrently.
533 const int fd = dup(original_fd);
534 if (fd == -1) {
535 fprintf(stderr, "Failed to duplicate file descriptor for %s: %s\n", output_name,
536 strerror(errno));
537 return EXIT_FAILURE;
538 }
539
540 // Note that although we call fdopen() below with a binary flag, it may not adhere to that
541 // flag, so we have to set the mode manually.
542 if (_setmode(fd, _O_BINARY) == -1) {
543 fprintf(stderr, "Failed to set binary mode for duplicate of %s: %s\n", output_name,
544 strerror(errno));
545 unix_close(fd);
546 return EXIT_FAILURE;
547 }
548
549 stream.reset(fdopen(fd, "wb"));
550 if (stream.get() == nullptr) {
551 fprintf(stderr, "Failed to open duplicate stream for %s: %s\n", output_name,
552 strerror(errno));
553 unix_close(fd);
554 return EXIT_FAILURE;
555 }
556
557 // Unbuffer the stream because it will be buffered by default and we want subprocess output
558 // to be shown immediately.
559 if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) {
560 fprintf(stderr, "Failed to unbuffer %s: %s\n", output_name, strerror(errno));
561 return EXIT_FAILURE;
562 }
563
564 // fd will be closed when stream is closed.
565 }
566
567 while (true) {
568 char buf[64 * 1024];
569 DWORD bytes_read = 0;
570 if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) {
571 const DWORD err = GetLastError();
572 // ERROR_BROKEN_PIPE is expected when the subprocess closes
573 // the other end of the pipe.
574 if (err == ERROR_BROKEN_PIPE) {
575 return EXIT_SUCCESS;
576 } else {
577 fprintf(stderr, "Failed to read from %s: %s\n", output_name,
578 android::base::SystemErrorCodeToString(err).c_str());
579 return EXIT_FAILURE;
580 }
581 }
582
583 // Don't try to write if our stdout/stderr was not setup by the parent process.
584 if (stream) {
585 // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console.
586 const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get());
587 if (bytes_written != bytes_read) {
588 fprintf(stderr, "Only wrote %zu of %lu bytes to %s\n", bytes_written, bytes_read,
589 output_name);
590 return EXIT_FAILURE;
591 }
592 }
593 }
594 }
595
_redirect_stdout_thread(HANDLE h)596 static unsigned __stdcall _redirect_stdout_thread(HANDLE h) {
597 adb_thread_setname("stdout redirect");
598 return _redirect_pipe_thread(h, STD_OUTPUT_HANDLE);
599 }
600
_redirect_stderr_thread(HANDLE h)601 static unsigned __stdcall _redirect_stderr_thread(HANDLE h) {
602 adb_thread_setname("stderr redirect");
603 return _redirect_pipe_thread(h, STD_ERROR_HANDLE);
604 }
605
606 #endif
607
launch_server(int server_port)608 int launch_server(int server_port)
609 {
610 #if defined(_WIN32)
611 /* we need to start the server in the background */
612 /* we create a PIPE that will be used to wait for the server's "OK" */
613 /* message since the pipe handles must be inheritable, we use a */
614 /* security attribute */
615 SECURITY_ATTRIBUTES sa;
616 sa.nLength = sizeof(sa);
617 sa.lpSecurityDescriptor = NULL;
618 sa.bInheritHandle = TRUE;
619
620 // Redirect stdin to Windows /dev/null. If we instead pass an original
621 // stdin/stdout/stderr handle and it is a console handle, when the adb
622 // server starts up, the C Runtime will see a console handle for a process
623 // that isn't connected to a console and it will configure
624 // stdin/stdout/stderr to be closed. At that point, freopen() could be used
625 // to reopen stderr/out, but it would take more massaging to fixup the file
626 // descriptor number that freopen() uses. It's simplest to avoid all of this
627 // complexity by just redirecting stdin to `nul' and then the C Runtime acts
628 // as expected.
629 unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ,
630 FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING,
631 FILE_ATTRIBUTE_NORMAL, NULL));
632 if (nul_read.get() == INVALID_HANDLE_VALUE) {
633 fprintf(stderr, "Cannot open 'nul': %s\n",
634 android::base::SystemErrorCodeToString(GetLastError()).c_str());
635 return -1;
636 }
637
638 // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect
639 // the subprocess to pipes instead of just letting the subprocess inherit our existing
640 // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not
641 // attached to.
642 unique_handle ack_read, ack_write;
643 if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) {
644 return -1;
645 }
646 unique_handle stdout_read, stdout_write;
647 if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) {
648 return -1;
649 }
650 unique_handle stderr_read, stderr_write;
651 if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) {
652 return -1;
653 }
654
655 /* Some programs want to launch an adb command and collect its output by
656 * calling CreateProcess with inheritable stdout/stderr handles, then
657 * using read() to get its output. When this happens, the stdout/stderr
658 * handles passed to the adb client process will also be inheritable.
659 * When starting the adb server here, care must be taken to reset them
660 * to non-inheritable.
661 * Otherwise, something bad happens: even if the adb command completes,
662 * the calling process is stuck while read()-ing from the stdout/stderr
663 * descriptors, because they're connected to corresponding handles in the
664 * adb server process (even if the latter never uses/writes to them).
665 * Note that even if we don't pass these handles in the STARTUPINFO struct,
666 * if they're marked inheritable, they're still inherited, requiring us to
667 * deal with this.
668 *
669 * If we're still having problems with inheriting random handles in the
670 * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly
671 * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
672 *
673 * Older versions of Windows return console pseudo-handles that cannot be
674 * made non-inheritable, so ignore those failures.
675 */
676 _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE));
677 _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE));
678 _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE));
679
680 STARTUPINFOW startup;
681 ZeroMemory( &startup, sizeof(startup) );
682 startup.cb = sizeof(startup);
683 startup.hStdInput = nul_read.get();
684 startup.hStdOutput = stdout_write.get();
685 startup.hStdError = stderr_write.get();
686 startup.dwFlags = STARTF_USESTDHANDLES;
687
688 // Verify that the pipe_write handle value can be passed on the command line
689 // as %d and that the rest of adb code can pass it around in an int.
690 const int ack_write_as_int = cast_handle_to_int(ack_write.get());
691 if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) {
692 // If this fires, either handle values are larger than 32-bits or else
693 // there is a bug in our casting.
694 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx
695 fprintf(stderr, "Cannot fit pipe handle value into 32-bits: 0x%p\n",
696 ack_write.get());
697 return -1;
698 }
699
700 // get path of current program
701 WCHAR program_path[MAX_PATH];
702 const DWORD module_result = GetModuleFileNameW(NULL, program_path,
703 arraysize(program_path));
704 if ((module_result >= arraysize(program_path)) || (module_result == 0)) {
705 // String truncation or some other error.
706 fprintf(stderr, "Cannot get executable path: %s\n",
707 android::base::SystemErrorCodeToString(GetLastError()).c_str());
708 return -1;
709 }
710
711 WCHAR args[64];
712 snwprintf(args, arraysize(args),
713 L"adb -P %d fork-server server --reply-fd %d", server_port,
714 ack_write_as_int);
715
716 PROCESS_INFORMATION pinfo;
717 ZeroMemory(&pinfo, sizeof(pinfo));
718
719 if (!CreateProcessW(
720 program_path, /* program path */
721 args,
722 /* the fork-server argument will set the
723 debug = 2 in the child */
724 NULL, /* process handle is not inheritable */
725 NULL, /* thread handle is not inheritable */
726 TRUE, /* yes, inherit some handles */
727 DETACHED_PROCESS, /* the new process doesn't have a console */
728 NULL, /* use parent's environment block */
729 NULL, /* use parent's starting directory */
730 &startup, /* startup info, i.e. std handles */
731 &pinfo )) {
732 fprintf(stderr, "Cannot create process: %s\n",
733 android::base::SystemErrorCodeToString(GetLastError()).c_str());
734 return -1;
735 }
736
737 unique_handle process_handle(pinfo.hProcess);
738 pinfo.hProcess = NULL;
739
740 // Close handles that we no longer need to complete the rest.
741 CloseHandle(pinfo.hThread);
742 pinfo.hThread = NULL;
743
744 nul_read.reset();
745 ack_write.reset();
746 stdout_write.reset();
747 stderr_write.reset();
748
749 // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess
750 // errors easier to diagnose. Note that the threads internally create inheritable handles, but
751 // that is ok because we've already spawned the subprocess.
752
753 // In the past, reading from a pipe before the child process's C Runtime
754 // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216
755 // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703
756 // I was unable to reproduce the problem on Windows XP. It sounds like a
757 // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html
758 unique_handle stdout_thread(reinterpret_cast<HANDLE>(
759 _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(),
760 0, NULL)));
761 if (stdout_thread.get() == nullptr) {
762 fprintf(stderr, "Cannot create thread: %s\n", strerror(errno));
763 return -1;
764 }
765 stdout_read.release(); // Transfer ownership to new thread
766
767 unique_handle stderr_thread(reinterpret_cast<HANDLE>(
768 _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(),
769 0, NULL)));
770 if (stderr_thread.get() == nullptr) {
771 fprintf(stderr, "Cannot create thread: %s\n", strerror(errno));
772 return -1;
773 }
774 stderr_read.release(); // Transfer ownership to new thread
775
776 bool got_ack = false;
777
778 // Wait for the "OK\n" message, for the pipe to be closed, or other error.
779 {
780 char temp[3];
781 DWORD count = 0;
782
783 if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) {
784 const CHAR expected[] = "OK\n";
785 const DWORD expected_length = arraysize(expected) - 1;
786 if (count == expected_length &&
787 memcmp(temp, expected, expected_length) == 0) {
788 got_ack = true;
789 } else {
790 fprintf(stderr, "ADB server didn't ACK\n");
791 }
792 } else {
793 const DWORD err = GetLastError();
794 // If the ACK was not written and the process exited, GetLastError()
795 // is probably ERROR_BROKEN_PIPE, in which case that info is not
796 // useful to the user.
797 fprintf(stderr, "could not read ok from ADB Server%s\n",
798 err == ERROR_BROKEN_PIPE ? "" :
799 android::base::StringPrintf(": %s",
800 android::base::SystemErrorCodeToString(err).c_str()).c_str());
801 }
802 }
803
804 // Always try to wait a bit for threads reading stdout/stderr to finish.
805 // If the process started ok, it should close the pipes causing the threads
806 // to finish. If the process had an error, it should exit, also causing
807 // the pipes to be closed. In that case we want to read all of the output
808 // and write it out so that the user can diagnose failures.
809 const DWORD thread_timeout_ms = 15 * 1000;
810 const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() };
811 const DWORD wait_result = WaitForMultipleObjects(arraysize(threads),
812 threads, TRUE, thread_timeout_ms);
813 if (wait_result == WAIT_TIMEOUT) {
814 // Threads did not finish after waiting a little while. Perhaps the
815 // server didn't close pipes, or it is hung.
816 fprintf(stderr, "Timed-out waiting for threads to finish reading from "
817 "ADB Server\n");
818 // Process handles are signaled when the process exits, so if we wait
819 // on the handle for 0 seconds and it returns 'timeout', that means that
820 // the process is still running.
821 if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) {
822 // We could TerminateProcess(), but that seems somewhat presumptive.
823 fprintf(stderr, "ADB Server is running: process id %lu\n",
824 pinfo.dwProcessId);
825 }
826 return -1;
827 }
828
829 if (wait_result != WAIT_OBJECT_0) {
830 fprintf(stderr, "Unexpected result waiting for threads: %lu: %s\n",
831 wait_result, android::base::SystemErrorCodeToString(GetLastError()).c_str());
832 return -1;
833 }
834
835 // For now ignore the thread exit codes and assume they worked properly.
836
837 if (!got_ack) {
838 return -1;
839 }
840 #else /* !defined(_WIN32) */
841 char path[PATH_MAX];
842 int fd[2];
843
844 // set up a pipe so the child can tell us when it is ready.
845 // fd[0] will be parent's end, and the child will write on fd[1]
846 if (pipe(fd)) {
847 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
848 return -1;
849 }
850 get_my_path(path, PATH_MAX);
851 pid_t pid = fork();
852 if(pid < 0) return -1;
853
854 if (pid == 0) {
855 // child side of the fork
856
857 adb_close(fd[0]);
858
859 char str_port[30];
860 snprintf(str_port, sizeof(str_port), "%d", server_port);
861 char reply_fd[30];
862 snprintf(reply_fd, sizeof(reply_fd), "%d", fd[1]);
863 // child process
864 int result = execl(path, "adb", "-P", str_port, "fork-server", "server", "--reply-fd", reply_fd, NULL);
865 // this should not return
866 fprintf(stderr, "OOPS! execl returned %d, errno: %d\n", result, errno);
867 } else {
868 // parent side of the fork
869
870 char temp[3];
871
872 temp[0] = 'A'; temp[1] = 'B'; temp[2] = 'C';
873 // wait for the "OK\n" message
874 adb_close(fd[1]);
875 int ret = adb_read(fd[0], temp, 3);
876 int saved_errno = errno;
877 adb_close(fd[0]);
878 if (ret < 0) {
879 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
880 return -1;
881 }
882 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
883 fprintf(stderr, "ADB server didn't ACK\n" );
884 return -1;
885 }
886 }
887 #endif /* !defined(_WIN32) */
888 return 0;
889 }
890 #endif /* ADB_HOST */
891
892 // Try to handle a network forwarding request.
893 // This returns 1 on success, 0 on failure, and -1 to indicate this is not
894 // a forwarding-related request.
handle_forward_request(const char * service,TransportType type,const char * serial,int reply_fd)895 int handle_forward_request(const char* service, TransportType type, const char* serial, int reply_fd)
896 {
897 if (!strcmp(service, "list-forward")) {
898 // Create the list of forward redirections.
899 std::string listeners = format_listeners();
900 #if ADB_HOST
901 SendOkay(reply_fd);
902 #endif
903 return SendProtocolString(reply_fd, listeners);
904 }
905
906 if (!strcmp(service, "killforward-all")) {
907 remove_all_listeners();
908 #if ADB_HOST
909 /* On the host: 1st OKAY is connect, 2nd OKAY is status */
910 SendOkay(reply_fd);
911 #endif
912 SendOkay(reply_fd);
913 return 1;
914 }
915
916 if (!strncmp(service, "forward:", 8) || !strncmp(service, "killforward:", 12)) {
917 // killforward:local
918 // forward:(norebind:)?local;remote
919 bool kill_forward = false;
920 bool no_rebind = false;
921 if (android::base::StartsWith(service, "killforward:")) {
922 kill_forward = true;
923 service += 12;
924 } else {
925 service += 8; // skip past "forward:"
926 if (android::base::StartsWith(service, "norebind:")) {
927 no_rebind = true;
928 service += 9;
929 }
930 }
931
932 std::vector<std::string> pieces = android::base::Split(service, ";");
933
934 if (kill_forward) {
935 // Check killforward: parameter format: '<local>'
936 if (pieces.size() != 1 || pieces[0].empty()) {
937 SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service));
938 return 1;
939 }
940 } else {
941 // Check forward: parameter format: '<local>;<remote>'
942 if (pieces.size() != 2 || pieces[0].empty() || pieces[1].empty() || pieces[1][0] == '*') {
943 SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service));
944 return 1;
945 }
946 }
947
948 std::string error_msg;
949 atransport* transport = acquire_one_transport(type, serial, nullptr, &error_msg);
950 if (!transport) {
951 SendFail(reply_fd, error_msg);
952 return 1;
953 }
954
955 std::string error;
956 InstallStatus r;
957 if (kill_forward) {
958 r = remove_listener(pieces[0].c_str(), transport);
959 } else {
960 r = install_listener(pieces[0], pieces[1].c_str(), transport,
961 no_rebind, &error);
962 }
963 if (r == INSTALL_STATUS_OK) {
964 #if ADB_HOST
965 /* On the host: 1st OKAY is connect, 2nd OKAY is status */
966 SendOkay(reply_fd);
967 #endif
968 SendOkay(reply_fd);
969 return 1;
970 }
971
972 std::string message;
973 switch (r) {
974 case INSTALL_STATUS_OK: message = "success (!)"; break;
975 case INSTALL_STATUS_INTERNAL_ERROR: message = "internal error"; break;
976 case INSTALL_STATUS_CANNOT_BIND:
977 message = android::base::StringPrintf("cannot bind listener: %s",
978 error.c_str());
979 break;
980 case INSTALL_STATUS_CANNOT_REBIND:
981 message = android::base::StringPrintf("cannot rebind existing socket");
982 break;
983 case INSTALL_STATUS_LISTENER_NOT_FOUND:
984 message = android::base::StringPrintf("listener '%s' not found", service);
985 break;
986 }
987 SendFail(reply_fd, message);
988 return 1;
989 }
990 return 0;
991 }
992
993 #if ADB_HOST
SendOkay(int fd,const std::string & s)994 static int SendOkay(int fd, const std::string& s) {
995 SendOkay(fd);
996 SendProtocolString(fd, s);
997 return 0;
998 }
999 #endif
1000
handle_host_request(const char * service,TransportType type,const char * serial,int reply_fd,asocket * s)1001 int handle_host_request(const char* service, TransportType type,
1002 const char* serial, int reply_fd, asocket* s) {
1003 if (strcmp(service, "kill") == 0) {
1004 fprintf(stderr, "adb server killed by remote request\n");
1005 fflush(stdout);
1006 SendOkay(reply_fd);
1007
1008 // On Windows, if the process exits with open sockets that
1009 // shutdown(SD_SEND) has not been called on, TCP RST segments will be
1010 // sent to the peers which will cause their next recv() to error-out
1011 // with WSAECONNRESET. In the case of this code, that means the client
1012 // may not read the OKAY sent above.
1013 adb_shutdown(reply_fd);
1014
1015 exit(0);
1016 }
1017
1018 #if ADB_HOST
1019 // "transport:" is used for switching transport with a specified serial number
1020 // "transport-usb:" is used for switching transport to the only USB transport
1021 // "transport-local:" is used for switching transport to the only local transport
1022 // "transport-any:" is used for switching transport to the only transport
1023 if (!strncmp(service, "transport", strlen("transport"))) {
1024 TransportType type = kTransportAny;
1025
1026 if (!strncmp(service, "transport-usb", strlen("transport-usb"))) {
1027 type = kTransportUsb;
1028 } else if (!strncmp(service, "transport-local", strlen("transport-local"))) {
1029 type = kTransportLocal;
1030 } else if (!strncmp(service, "transport-any", strlen("transport-any"))) {
1031 type = kTransportAny;
1032 } else if (!strncmp(service, "transport:", strlen("transport:"))) {
1033 service += strlen("transport:");
1034 serial = service;
1035 }
1036
1037 std::string error;
1038 atransport* t = acquire_one_transport(type, serial, nullptr, &error);
1039 if (t != nullptr) {
1040 s->transport = t;
1041 SendOkay(reply_fd);
1042 } else {
1043 SendFail(reply_fd, error);
1044 }
1045 return 1;
1046 }
1047
1048 // return a list of all connected devices
1049 if (!strncmp(service, "devices", 7)) {
1050 bool long_listing = (strcmp(service+7, "-l") == 0);
1051 if (long_listing || service[7] == 0) {
1052 D("Getting device list...");
1053 std::string device_list = list_transports(long_listing);
1054 D("Sending device list...");
1055 return SendOkay(reply_fd, device_list);
1056 }
1057 return 1;
1058 }
1059
1060 if (!strcmp(service, "features")) {
1061 std::string error;
1062 atransport* t = acquire_one_transport(type, serial, nullptr, &error);
1063 if (t != nullptr) {
1064 SendOkay(reply_fd, FeatureSetToString(t->features()));
1065 } else {
1066 SendFail(reply_fd, error);
1067 }
1068 return 0;
1069 }
1070
1071 // remove TCP transport
1072 if (!strncmp(service, "disconnect:", 11)) {
1073 const std::string address(service + 11);
1074 if (address.empty()) {
1075 kick_all_tcp_devices();
1076 return SendOkay(reply_fd, "disconnected everything");
1077 }
1078
1079 std::string serial;
1080 std::string host;
1081 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
1082 std::string error;
1083 if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
1084 return SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
1085 address.c_str(), error.c_str()));
1086 }
1087 atransport* t = find_transport(serial.c_str());
1088 if (t == nullptr) {
1089 return SendFail(reply_fd, android::base::StringPrintf("no such device '%s'",
1090 serial.c_str()));
1091 }
1092 kick_transport(t);
1093 return SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
1094 }
1095
1096 // Returns our value for ADB_SERVER_VERSION.
1097 if (!strcmp(service, "version")) {
1098 return SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
1099 }
1100
1101 // These always report "unknown" rather than the actual error, for scripts.
1102 if (!strcmp(service, "get-serialno")) {
1103 std::string error;
1104 atransport* t = acquire_one_transport(type, serial, nullptr, &error);
1105 if (t) {
1106 return SendOkay(reply_fd, t->serial ? t->serial : "unknown");
1107 } else {
1108 return SendFail(reply_fd, error);
1109 }
1110 }
1111 if (!strcmp(service, "get-devpath")) {
1112 std::string error;
1113 atransport* t = acquire_one_transport(type, serial, nullptr, &error);
1114 if (t) {
1115 return SendOkay(reply_fd, t->devpath ? t->devpath : "unknown");
1116 } else {
1117 return SendFail(reply_fd, error);
1118 }
1119 }
1120 if (!strcmp(service, "get-state")) {
1121 std::string error;
1122 atransport* t = acquire_one_transport(type, serial, nullptr, &error);
1123 if (t) {
1124 return SendOkay(reply_fd, t->connection_state_name());
1125 } else {
1126 return SendFail(reply_fd, error);
1127 }
1128 }
1129
1130 // Indicates a new emulator instance has started.
1131 if (!strncmp(service, "emulator:", 9)) {
1132 int port = atoi(service+9);
1133 local_connect(port);
1134 /* we don't even need to send a reply */
1135 return 0;
1136 }
1137
1138 if (!strcmp(service, "reconnect")) {
1139 if (s->transport != nullptr) {
1140 kick_transport(s->transport);
1141 }
1142 return SendOkay(reply_fd, "done");
1143 }
1144 #endif // ADB_HOST
1145
1146 int ret = handle_forward_request(service, type, serial, reply_fd);
1147 if (ret >= 0)
1148 return ret - 1;
1149 return -1;
1150 }
1151